<html><head><title>Re: [rbak-nsp] Problem with FTP connection</title>
</head>
<body>
<span style=" font-family:'Courier New'; font-size: 9pt;">Hello Michał,<br>
<br>
Redback NAT don't support ALG , so there may be problems with some protocols, for FTP try using passive mode.<br>
<br>
<br>
Rafał<br>
<br>
<br>
<br>
Monday, September 18, 2017, 2:39:39 PM, you wrote:<br>
<br>
</span><table bgcolor="#ffffff">
<tr>
<td width=3 bgcolor= #0000ff><br>
</td>
<td><span style=" font-family:'courier new'; font-size: 9pt;">Hi , i need some help. We have issue with FTP connection. One of ower client try to connect to FTP serwer but becouse we have range pool every connection has different source. For ex auth has not the same src address then file download. Can you check my config ? : <br>
<br>
[NOWODWORSKA]Dareek#show configuration <br>
Building configuration...<br>
<br>
Current configuration:<br>
!<br>
context NOWODWORSKA<br>
! <br>
no ip domain-lookup<br>
!<br>
<b> ip nat pool Pool-1 napt multibind<br>
address 185.78.134.1 to 185.78.134.254<br>
exclude well-known<br>
</b>!<br>
nat policy NAT<br>
! Default class<br>
ignore<br>
inbound-refresh udp<br>
icmp-notification<br>
! Named classes<br>
access-group CLASS<br>
class NAT<br>
pool Pool-1 NOWODWORSKA<br>
endpoint-independent filtering udp<br>
inbound-refresh udp<br>
icmp-notification<br>
class NoNAT<br>
ignore<br>
inbound-refresh udp<br>
icmp-notification<br>
!<br>
interface BRAMA-NOWODWORSKA multibind<br>
ip address 80.238.125.1/24<br>
dhcp server interface<br>
!<br>
interface BRAMA-NOWODWORSKA-2 multibind<br>
ip address 93.174.26.1/24<br>
ip address 10.4.0.1/24 secondary tag 10<br>
dhcp server interface<br>
!<br>
interface Klienci-NAT multibind<br>
ip address 10.100.0.1/16<br>
dhcp server interface<br>
!<br>
interface To-Cisco-Pol<br>
ip address 10.29.0.1/30<br>
no logging console<br>
logging syslog 10.1.10.15 facility local7<br>
!<br>
policy access-list CLASS<br>
seq 10 permit ip 10.100.0.0 0.0.255.255 host 80.238.109.12 class NoNAT<br>
seq 11 permit ip 10.100.0.0 0.0.255.255 host 80.238.109.11 class NoNAT<br>
seq 100 permit ip 10.100.0.0 0.0.255.255 class NAT<br>
!<br>
aaa authentication administrator local <br>
aaa authentication administrator maximum sessions 1<br>
aaa authentication subscriber radius <br>
radius coa server 10.3.14.24 encrypted-key XXX port 3799<br>
!<br>
radius server 10.3.14.24 encrypted-key XXX<br>
!<br>
subscriber default<br>
dhcp max-addrs 1<br>
!<br>
ip route 0.0.0.0/0 context BGP<br>
ip route 10.1.10.15/32 10.29.0.2<br>
ip route 10.3.14.24/32 10.29.0.2<br>
ip route 10.3.14.110/32 10.29.0.2<br>
ip route 80.238.109.11/32 10.29.0.2<br>
ip route 80.238.109.12/32 10.29.0.2<br>
ip route 80.238.113.178/32 10.29.0.2<br>
!<br>
dhcp server policy<br>
subnet 10.4.0.0/24<br>
range 10.4.0.2 10.4.0.244<br>
option router 10.4.0.1<br>
default-lease-time 900<br>
subnet 10.100.0.0/16<br>
range 10.100.0.2 10.100.255.254<br>
option router 10.100.0.1<br>
option domain-name-server 80.238.109.12 80.238.109.11<br>
default-lease-time 900<br>
subnet 80.238.125.0/24<br>
range 80.238.125.2 80.238.125.254<br>
option router 80.238.125.1<br>
option domain-name-server 8.8.8.8<br>
default-lease-time 900<br>
subnet 93.174.26.0/24<br>
range 93.174.26.2 93.174.26.254<br>
option router 93.174.26.1<br>
option domain-name-server 8.8.8.8<br>
default-lease-time 900<br>
!<br>
flow collector rflow<br>
ip-address 10.3.14.110<br>
port 9800<br>
export-version v5<br>
transport-protocol udp<br>
ip profile FLOW<br>
!<br>
!<br>
!<br>
end<br>
<br>
-- <br>
<br>
Michał Przywuski<br>
Administrator sieci.</td>
</tr>
</table>
<br>
<br>
<br>
<span style=" font-family:'arial'; color: #c0c0c0;"><i>-- <br>
Best regards,<br>
Ozga Rafal </i></span><a style=" font-family:'arial';" href="mailto:golem@mtm-info.pl">mailto:golem@mtm-info.pl</a></body></html>